nginx-tests SSL tests failing out of the box?
Mayerhofer, Austin
Austin.Mayerhofer at forcepoint.com
Thu Jan 25 18:59:36 UTC 2024
Hi all,
I have not made any changes to NGINX. Vanilla NGINX (./configure with no flags) passes all tests that run, but when compiling with SSL, not all SSL tests are passing. Is this expected, or do I need to configure nginx further aside from adding the --with-http_ssl_module flag? Do each of the failing tests below require separate fixes, or is there a one-size-fits-all solution for all of them?
OS: MacOS 12.6.3
Chip: Apple M1 Max
NGINX: 1.24.0 built from source code with ./configure --with-debug --with-http_ssl_module
Nginx-tests: https://github.com/nginx/nginx-tests/tree/4c2ad8093952706f327d04887c5546bad91b75a6
OpenSSL: 3.2.0 (/opt/homebrew/bin/openssl)
Perl: 5.30.3 (/usr/bin/perl)
When I run
```
TEST_NGINX_BINARY=/usr/local/nginx/sbin/nginx prove -v ssl.t
```
I see
```
not ok 2 - session reused
# Failed test 'session reused'
# at ssl.t line 187.
# 'HTTP/1.1 200 OK
# Server: nginx/1.24.0
# Date: Thu, 25 Jan 2024 18:50:10 GMT
# Content-Type: text/plain
# Content-Length: 6
# Connection: close
#
# body .'
# doesn't match '(?^m:^body r$)'
```
When I run
```
TEST_NGINX_BINARY=/usr/local/nginx/sbin/nginx prove -v ssl_certificate.t
```
I see
```
not ok 9 - session id context match
# Failed test 'session id context match'
# at ssl_certificate.t line 183.
# 'HTTP/1.1 200 OK
# Server: nginx/1.24.0
# Date: Thu, 25 Jan 2024 18:52:11 GMT
# Content-Type: text/html
# Content-Length: 0
# Last-Modified: Thu, 25 Jan 2024 18:52:11 GMT
# Connection: close
# ETag: "65b2addb-0"
# X-SSL: default:.
# X-SSL-Protocol: TLSv1.3
# Accept-Ranges: bytes
#
# '
# doesn't match '(?^:default:r)'
```
And finally running
```
TEST_NGINX_BINARY=/usr/local/nginx/sbin/nginx prove -v ssl_crl.t
```
Yields
```
not ok 1 - crl - no revoked certs
# Failed test 'crl - no revoked certs'
# at ssl_crl.t line 157.
# 'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Thu, 25 Jan 2024 18:53:50 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: FAILED:unsupported certificate purpose
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
# doesn't match '(?^:SUCCESS)'
```
Thanks,
Austin
This message has been scanned for malware by Forcepoint. www.forcepoint.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20240125/668e1012/attachment-0001.htm>
More information about the nginx-devel
mailing list